CVE-2018-20252Out-of-bounds Write in Winrar

CWE-787Out-of-bounds Write3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.7%
top 27.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Rarlab WinrarCheck Point Software Technologies LTD Winrar
Timeline
PublishedFeb 5
Latest updateMay 13

Description

In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDrarlab/winrar5.60
CVEListV5check_point_software_technologies_ltd/winrarAll versions prior and including 5.60

🔴Vulnerability Details

2
GHSA
GHSA-3935-5wqm-4j94: In WinRAR versions prior to and including 52022-05-13
CVEList
CVE-2018-20252: In WinRAR versions prior to and including 52019-02-05
CVE-2018-20252 — Out-of-bounds Write in Rarlab Winrar | cvebase